<xccdf:rule-result xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
xmlns:notes="http://benchmarks.cisecurity.org/notes"
xmlns:ae="http://benchmarks.cisecurity.org/ae/0.5"
xmlns:ciscf="https://benchmarks.cisecurity.org/ciscf/1.0"
xmlns:cc7="http://cisecurity.org/20-cc/v7.0"
xmlns:cc6="http://cisecurity.org/20-cc/v6.1"
xmlns:ciscat-checklist="http://checklists.nist.gov/xccdf/1.2"
xmlns="http://checklists.nist.gov/xccdf/1.2"
xmlns:xhtml="http://www.w3.org/1999/xhtml"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:scap-con="http://scap.nist.gov/schema/scap/constructs/1.2"
xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
xmlns:dsc="http://scap.nist.gov/schema/scap/source/1.2"
xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
idref="xccdf_org.cisecurity.benchmarks_rule_4.1.9_Ensure_discretionary_access_control_permission_modification_events_are_collected"
role="full"
severity="unknown"
time="2023-02-19T20:06:22.865+02:00"
version="1"
weight="1.0">
<xccdf:result>fail</xccdf:result>
<xccdf:ident cc7:controlURI="http://cisecurity.org/20-cc/v7.0/control/5/subcontrol/5"
system="http://cisecurity.org/20-cc/v7.0"/>
<xccdf:complex-check operator="AND" negate="false">
<xccdf:complex-check operator="AND" negate="false">
<xccdf:complex-check operator="AND" negate="false">
<xccdf:complex-check operator="AND" negate="false">
<xccdf:complex-check operator="AND" negate="false">
<xccdf:complex-check operator="AND" negate="false">
<xccdf:check system="http://open-scap.org/page/SCE"
negate="false"
multi-check="false">
<xccdf:check-export export-name="XCCDF_VALUE_REGEX"
value-id="xccdf_org.cisecurity.benchmarks_value_1475341_var"/>
<xccdf:check-content-ref href="sce/nix_auditd_file_chk.sh"/>
<xccdf:check-content>
<command_result href="sce/nix_auditd_file_chk.sh"
xccdf="pass"
script="D:\CisCatLite\CIS-CAT-Lite-v4.26.0\Assessor\sce\nix_auditd_file_chk.sh"
exit-value="101">
<out>
<l>PASSED</l>
<l>audit rule: "-a always,exit -F arch=b32 -S chmod -S fchmod -S fchmodat -F auid>=1000 -F auid!=4294967295 -k perm_mod"</l>
<l>exists in: "/etc/audit/rules.d/50-perm_mod.rules"</l>
</out>
<err/>
<env>
<e name="XCCDF_VALUE_REGEX">^\s*-a\s+(?:always,exit|exit,always)\s+-F\s+arch=b32\s+(?!(?:\2|\3))(-S\s+chmod\s+|-S\s+fchmod\s+|-S\s+fchmodat\s+)(?!(?:\1|\3))(-S\s+chmod\s+|-S\s+fchmod\s+|-S\s+fchmodat\s+)(?!(?:\1|\2))(-S\s+chmod\s+|-S\s+fchmod\s+|-S\s+fchmodat\s+)-F\s+auid>=1000\s+-F\s+auid!=4294967295\s+-k\s+\S+ *$</e>
</env>
</command_result>
</xccdf:check-content>
<evidence xmlns="http://cisecurity.org/evidence">
<div class="sce">
<table class="evidence-sep" width="100%">
<tbody class="tbe">
<tr>
<td class="bold">Script:</td>
<td>sce/nix_auditd_file_chk.sh</td>
</tr>
<tr>
<td class="bold">Result:</td>
<td class="pass">Pass</td>
</tr>
<tr>
<td class="bold">Exit Value:</td>
<td>101</td>
</tr>
</tbody>
</table>
<table class="evidence" width="100%">
<tbody class="tbe">
<tr>
<td class="bold">Output:</td>
<td>
<ul class="unstyled">
<li>PASSED</li>
<li>audit rule: "-a always,exit -F arch=b32 -S chmod -S fchmod -S fchmodat -F auid>=1000 -F auid!=4294967295 -k perm_mod"</li>
<li>exists in: "/etc/audit/rules.d/50-perm_mod.rules"</li>
</ul>
</td>
</tr>
</tbody>
</table>
<table class="evidence" width="100%">
<tbody class="tbe">
<tr>
<td>No error lines were collected.</td>
</tr>
</tbody>
</table>
</div>
</evidence>
</xccdf:check>
<xccdf:check system="http://open-scap.org/page/SCE"
negate="false"
multi-check="false">
<xccdf:check-export export-name="XCCDF_VALUE_REGEX"
value-id="xccdf_org.cisecurity.benchmarks_value_1475342_var"/>
<xccdf:check-content-ref href="sce/nix_auditd_file_chk.sh"/>
<xccdf:check-content>
<command_result href="sce/nix_auditd_file_chk.sh"
xccdf="pass"
script="D:\CisCatLite\CIS-CAT-Lite-v4.26.0\Assessor\sce\nix_auditd_file_chk.sh"
exit-value="101">
<out>
<l>PASSED</l>
<l>audit rule: "-a always,exit -F arch=b32 -S chown -S fchown -S fchownat -S lchown -F auid>=1000 -F auid!=4294967295 -k perm_mod"</l>
<l>exists in: "/etc/audit/rules.d/50-perm_mod.rules"</l>
</out>
<err/>
<env>
<e name="XCCDF_VALUE_REGEX">^\s*-a\s+(?:always,exit|exit,always)\s+-F\s+arch=b32\s+(?!(?:\2|\3|\4))(-S\s+chown\s+|-S\s+fchown\s+|-S\s+fchownat\s+|-S\s+lchown\s+)(?!(?:\1|\3|\4))(-S\s+chown\s+|-S\s+fchown\s+|-S\s+fchownat\s+|-S\s+lchown\s+)(?!(?:\1|\2|\4))(-S\s+chown\s+|-S\s+fchown\s+|-S\s+fchownat\s+|-S\s+lchown\s+)(?!(?:\1|\2|\3))(-S\s+chown\s+|-S\s+fchown\s+|-S\s+fchownat\s+|-S\s+lchown\s+)-F\s+auid>=1000\s+-F\s+auid!=4294967295\s+-k\s+\S+ *$</e>
</env>
</command_result>
</xccdf:check-content>
<evidence xmlns="http://cisecurity.org/evidence">
<div class="sce">
<table class="evidence-sep" width="100%">
<tbody class="tbe">
<tr>
<td class="bold">Script:</td>
<td>sce/nix_auditd_file_chk.sh</td>
</tr>
<tr>
<td class="bold">Result:</td>
<td class="pass">Pass</td>
</tr>
<tr>
<td class="bold">Exit Value:</td>
<td>101</td>
</tr>
</tbody>
</table>
<table class="evidence" width="100%">
<tbody class="tbe">
<tr>
<td class="bold">Output:</td>
<td>
<ul class="unstyled">
<li>PASSED</li>
<li>audit rule: "-a always,exit -F arch=b32 -S chown -S fchown -S fchownat -S lchown -F auid>=1000 -F auid!=4294967295 -k perm_mod"</li>
<li>exists in: "/etc/audit/rules.d/50-perm_mod.rules"</li>
</ul>
</td>
</tr>
</tbody>
</table>
<table class="evidence" width="100%">
<tbody class="tbe">
<tr>
<td>No error lines were collected.</td>
</tr>
</tbody>
</table>
</div>
</evidence>
</xccdf:check>
</xccdf:complex-check>
<xccdf:check system="http://open-scap.org/page/SCE"
negate="false"
multi-check="false">
<xccdf:check-export export-name="XCCDF_VALUE_REGEX"
value-id="xccdf_org.cisecurity.benchmarks_value_1475343_var"/>
<xccdf:check-content-ref href="sce/nix_auditd_file_chk.sh"/>
<xccdf:check-content>
<command_result href="sce/nix_auditd_file_chk.sh"
xccdf="pass"
script="D:\CisCatLite\CIS-CAT-Lite-v4.26.0\Assessor\sce\nix_auditd_file_chk.sh"
exit-value="101">
<out>
<l>PASSED</l>
<l>audit rule: "-a always,exit -F arch=b32 -S setxattr -S lsetxattr -S fsetxattr -S removexattr -S lremovexattr -S fremovexattr -F auid>=1000 -F auid!=4294967295 -k perm_mod"</l>
<l>exists in: "/etc/audit/rules.d/50-perm_mod.rules"</l>
</out>
<err/>
<env>
<e name="XCCDF_VALUE_REGEX">^\s*-a\s+(?:always,exit|exit,always)\s+-F\s+arch=b32\s+(?!(?:\2|\3|\4|\5|\6))(-S\s+setxattr\s+|-S\s+lsetxattr\s+|-S\s+fsetxattr\s+|-S\s+removexattr\s+|-S\s+lremovexattr\s+|-S\s+fremovexattr\s+)(?!(?:\1|\3|\4|\5|\6))(-S\s+setxattr\s+|-S\s+lsetxattr\s+|-S\s+fsetxattr\s+|-S\s+removexattr\s+|-S\s+lremovexattr\s+|-S\s+fremovexattr\s+)(?!(?:\1|\2|\4|\5|\6))(-S\s+setxattr\s+|-S\s+lsetxattr\s+|-S\s+fsetxattr\s+|-S\s+removexattr\s+|-S\s+lremovexattr\s+|-S\s+fremovexattr\s+)(?!(?:\1|\2|\3|\5|\6))(-S\s+setxattr\s+|-S\s+lsetxattr\s+|-S\s+fsetxattr\s+|-S\s+removexattr\s+|-S\s+lremovexattr\s+|-S\s+fremovexattr\s+)(?!(?:\1|\2|\3|\4|\6))(-S\s+setxattr\s+|-S\s+lsetxattr\s+|-S\s+fsetxattr\s+|-S\s+removexattr\s+|-S\s+lremovexattr\s+|-S\s+fremovexattr\s+)(?!(?:\1|\2|\3|\4|\5))(-S\s+setxattr\s+|-S\s+lsetxattr\s+|-S\s+fsetxattr\s+|-S\s+removexattr\s+|-S\s+lremovexattr\s+|-S\s+fremovexattr\s+)-F\s+auid>=1000\s+-F\s+auid!=4294967295\s+-k\s+\S+ *$</e>
</env>
</command_result>
</xccdf:check-content>
<evidence xmlns="http://cisecurity.org/evidence">
<div class="sce">
<table class="evidence-sep" width="100%">
<tbody class="tbe">
<tr>
<td class="bold">Script:</td>
<td>sce/nix_auditd_file_chk.sh</td>
</tr>
<tr>
<td class="bold">Result:</td>
<td class="pass">Pass</td>
</tr>
<tr>
<td class="bold">Exit Value:</td>
<td>101</td>
</tr>
</tbody>
</table>
<table class="evidence" width="100%">
<tbody class="tbe">
<tr>
<td class="bold">Output:</td>
<td>
<ul class="unstyled">
<li>PASSED</li>
<li>audit rule: "-a always,exit -F arch=b32 -S setxattr -S lsetxattr -S fsetxattr -S removexattr -S lremovexattr -S fremovexattr -F auid>=1000 -F auid!=4294967295 -k perm_mod"</li>
<li>exists in: "/etc/audit/rules.d/50-perm_mod.rules"</li>
</ul>
</td>
</tr>
</tbody>
</table>
<table class="evidence" width="100%">
<tbody class="tbe">
<tr>
<td>No error lines were collected.</td>
</tr>
</tbody>
</table>
</div>
</evidence>
</xccdf:check>
</xccdf:complex-check>
<xccdf:check system="http://open-scap.org/page/SCE"
negate="false"
multi-check="false">
<xccdf:check-export export-name="XCCDF_VALUE_REGEX"
value-id="xccdf_org.cisecurity.benchmarks_value_1475345_var"/>
<xccdf:check-content-ref href="sce/nix_auditd_auditctl_chk.sh"/>
<xccdf:check-content>
<command_result href="sce/nix_auditd_auditctl_chk.sh"
xccdf="fail"
script="D:\CisCatLite\CIS-CAT-Lite-v4.26.0\Assessor\sce\nix_auditd_auditctl_chk.sh"
exit-value="102">
<out>
<l>FAILED</l>
<l>No auditd rules were found in the running config matching the regular expression:</l>
<l>^\s*-a\s+(?:always,exit|exit,always)\s+-F\s+arch=b32\s+-S\s+(?!(?:||||))(setxattr[,\s]|lsetxattr[,\s]|fsetxattr[,\s]|removexattr[,\s]|lremovexattr[,\s]|fremovexattr[,\s])(?!(?:||||))(setxattr[,\s]|lsetxattr[,\s]|fsetxattr[,\s]|removexattr[,\s]|lremovexattr[,\s]|fremovexattr[,\s])(?!(?:||||))(setxattr[,\s]|lsetxattr[,\s]|fsetxattr[,\s]|removexattr[,\s]|lremovexattr[,\s]|fremovexattr[,\s])(?!(?:||||))(setxattr[,\s]|lsetxattr[,\s]|fsetxattr[,\s]|removexattr[,\s]|lremovexattr[,\s]|fremovexattr[,\s])(?!(?:||||))(setxattr[,\s]|lsetxattr[,\s]|fsetxattr[,\s]|removexattr[,\s]|lremovexattr[,\s]|fremovexattr[,\s])(?!(?:||||))(setxattr[,\s]|lsetxattr[,\s]|fsetxattr[,\s]|removexattr[,\s]|lremovexattr[,\s]|fremovexattr[,\s])-F\s+auid>=1000\s+-F\s+auid!=-1\s+-F\s+key=\S+ *$</l>
</out>
<err/>
<env>
<e name="XCCDF_VALUE_REGEX">^\s*-a\s+(?:always,exit|exit,always)\s+-F\s+arch=b32\s+-S\s+(?!(?:\2|\3|\4|\5|\6))(setxattr[,\s]|lsetxattr[,\s]|fsetxattr[,\s]|removexattr[,\s]|lremovexattr[,\s]|fremovexattr[,\s])(?!(?:\1|\3|\4|\5|\6))(setxattr[,\s]|lsetxattr[,\s]|fsetxattr[,\s]|removexattr[,\s]|lremovexattr[,\s]|fremovexattr[,\s])(?!(?:\1|\2|\4|\5|\6))(setxattr[,\s]|lsetxattr[,\s]|fsetxattr[,\s]|removexattr[,\s]|lremovexattr[,\s]|fremovexattr[,\s])(?!(?:\1|\2|\3|\5|\6))(setxattr[,\s]|lsetxattr[,\s]|fsetxattr[,\s]|removexattr[,\s]|lremovexattr[,\s]|fremovexattr[,\s])(?!(?:\1|\2|\3|\4|\6))(setxattr[,\s]|lsetxattr[,\s]|fsetxattr[,\s]|removexattr[,\s]|lremovexattr[,\s]|fremovexattr[,\s])(?!(?:\1|\2|\3|\4|\5))(setxattr[,\s]|lsetxattr[,\s]|fsetxattr[,\s]|removexattr[,\s]|lremovexattr[,\s]|fremovexattr[,\s])-F\s+auid>=1000\s+-F\s+auid!=-1\s+-F\s+key=\S+ *$</e>
</env>
</command_result>
</xccdf:check-content>
<evidence xmlns="http://cisecurity.org/evidence">
<div class="sce">
<table class="evidence-sep" width="100%">
<tbody class="tbe">
<tr>
<td class="bold">Script:</td>
<td>sce/nix_auditd_auditctl_chk.sh</td>
</tr>
<tr>
<td class="bold">Result:</td>
<td class="fail">Fail</td>
</tr>
<tr>
<td class="bold">Exit Value:</td>
<td>102</td>
</tr>
</tbody>
</table>
<table class="evidence" width="100%">
<tbody class="tbe">
<tr>
<td class="bold">Output:</td>
<td>
<ul class="unstyled">
<li>FAILED</li>
<li>No auditd rules were found in the running config matching the regular expression:</li>
<li>^\s*-a\s+(?:always,exit|exit,always)\s+-F\s+arch=b32\s+-S\s+(?!(?:||||))(setxattr[,\s]|lsetxattr[,\s]|fsetxattr[,\s]|removexattr[,\s]|lremovexattr[,\s]|fremovexattr[,\s])(?!(?:||||))(setxattr[,\s]|lsetxattr[,\s]|fsetxattr[,\s]|removexattr[,\s]|lremovexattr[,\s]|fremovexattr[,\s])(?!(?:||||))(setxattr[,\s]|lsetxattr[,\s]|fsetxattr[,\s]|removexattr[,\s]|lremovexattr[,\s]|fremovexattr[,\s])(?!(?:||||))(setxattr[,\s]|lsetxattr[,\s]|fsetxattr[,\s]|removexattr[,\s]|lremovexattr[,\s]|fremovexattr[,\s])(?!(?:||||))(setxattr[,\s]|lsetxattr[,\s]|fsetxattr[,\s]|removexattr[,\s]|lremovexattr[,\s]|fremovexattr[,\s])(?!(?:||||))(setxattr[,\s]|lsetxattr[,\s]|fsetxattr[,\s]|removexattr[,\s]|lremovexattr[,\s]|fremovexattr[,\s])-F\s+auid>=1000\s+-F\s+auid!=-1\s+-F\s+key=\S+ *$</li>
</ul>
</td>
</tr>
</tbody>
</table>
<table class="evidence" width="100%">
<tbody class="tbe">
<tr>
<td>No error lines were collected.</td>
</tr>
</tbody>
</table>
</div>
</evidence>
</xccdf:check>
</xccdf:complex-check>
<xccdf:check system="http://open-scap.org/page/SCE"
negate="false"
multi-check="false">
<xccdf:check-export export-name="XCCDF_VALUE_REGEX"
value-id="xccdf_org.cisecurity.benchmarks_value_1475350_var"/>
<xccdf:check-content-ref href="sce/nix_auditd_auditctl_chk.sh"/>
<xccdf:check-content>
<command_result href="sce/nix_auditd_auditctl_chk.sh"
xccdf="fail"
script="D:\CisCatLite\CIS-CAT-Lite-v4.26.0\Assessor\sce\nix_auditd_auditctl_chk.sh"
exit-value="102">
<out>
<l>FAILED</l>
<l>No auditd rules were found in the running config matching the regular expression:</l>
<l>^\s*-a\s+(?:always,exit|exit,always)\s+-F\s+arch=b32\s+-S\s+(?!(?:|))(chmod[,\s]|fchmod[,\s]|fchmodat[,\s])(?!(?:|))(chmod[,\s]|fchmod[,\s]|fchmodat[,\s])(?!(?:|))(chmod[,\s]|fchmod[,\s]|fchmodat[,\s])-F\s+auid>=1000\s+-F\s+auid!=-1\s+-F\s+key=\S+ *$</l>
</out>
<err/>
<env>
<e name="XCCDF_VALUE_REGEX">^\s*-a\s+(?:always,exit|exit,always)\s+-F\s+arch=b32\s+-S\s+(?!(?:\2|\3))(chmod[,\s]|fchmod[,\s]|fchmodat[,\s])(?!(?:\1|\3))(chmod[,\s]|fchmod[,\s]|fchmodat[,\s])(?!(?:\1|\2))(chmod[,\s]|fchmod[,\s]|fchmodat[,\s])-F\s+auid>=1000\s+-F\s+auid!=-1\s+-F\s+key=\S+ *$</e>
</env>
</command_result>
</xccdf:check-content>
<evidence xmlns="http://cisecurity.org/evidence">
<div class="sce">
<table class="evidence-sep" width="100%">
<tbody class="tbe">
<tr>
<td class="bold">Script:</td>
<td>sce/nix_auditd_auditctl_chk.sh</td>
</tr>
<tr>
<td class="bold">Result:</td>
<td class="fail">Fail</td>
</tr>
<tr>
<td class="bold">Exit Value:</td>
<td>102</td>
</tr>
</tbody>
</table>
<table class="evidence" width="100%">
<tbody class="tbe">
<tr>
<td class="bold">Output:</td>
<td>
<ul class="unstyled">
<li>FAILED</li>
<li>No auditd rules were found in the running config matching the regular expression:</li>
<li>^\s*-a\s+(?:always,exit|exit,always)\s+-F\s+arch=b32\s+-S\s+(?!(?:|))(chmod[,\s]|fchmod[,\s]|fchmodat[,\s])(?!(?:|))(chmod[,\s]|fchmod[,\s]|fchmodat[,\s])(?!(?:|))(chmod[,\s]|fchmod[,\s]|fchmodat[,\s])-F\s+auid>=1000\s+-F\s+auid!=-1\s+-F\s+key=\S+ *$</li>
</ul>
</td>
</tr>
</tbody>
</table>
<table class="evidence" width="100%">
<tbody class="tbe">
<tr>
<td>No error lines were collected.</td>
</tr>
</tbody>
</table>
</div>
</evidence>
</xccdf:check>
</xccdf:complex-check>
<xccdf:check system="http://open-scap.org/page/SCE"
negate="false"
multi-check="false">
<xccdf:check-export export-name="XCCDF_VALUE_REGEX"
value-id="xccdf_org.cisecurity.benchmarks_value_1475351_var"/>
<xccdf:check-content-ref href="sce/nix_auditd_auditctl_chk.sh"/>
<xccdf:check-content>
<command_result href="sce/nix_auditd_auditctl_chk.sh"
xccdf="fail"
script="D:\CisCatLite\CIS-CAT-Lite-v4.26.0\Assessor\sce\nix_auditd_auditctl_chk.sh"
exit-value="102">
<out>
<l>FAILED</l>
<l>No auditd rules were found in the running config matching the regular expression:</l>
<l>^\s*-a\s+(?:always,exit|exit,always)\s+-F\s+arch=b32\s+-S\s+(?!(?:||))(lchown[,\s]|fchown[,\s]|chown[,\s]|fchownat[,\s])(?!(?:||))(lchown[,\s]|fchown[,\s]|chown[,\s]|fchownat[,\s])(?!(?:||))(lchown[,\s]|fchown[,\s]|chown[,\s]|fchownat[,\s])(?!(?:||))(lchown[,\s]|fchown[,\s]|chown[,\s]|fchownat[,\s])-F\s+auid>=1000\s+-F\s+auid!=-1\s+-F\s+key=\S+ *$</l>
</out>
<err/>
<env>
<e name="XCCDF_VALUE_REGEX">^\s*-a\s+(?:always,exit|exit,always)\s+-F\s+arch=b32\s+-S\s+(?!(?:\2|\3|\4))(lchown[,\s]|fchown[,\s]|chown[,\s]|fchownat[,\s])(?!(?:\1|\3|\4))(lchown[,\s]|fchown[,\s]|chown[,\s]|fchownat[,\s])(?!(?:\1|\2|\4))(lchown[,\s]|fchown[,\s]|chown[,\s]|fchownat[,\s])(?!(?:\1|\2|\3))(lchown[,\s]|fchown[,\s]|chown[,\s]|fchownat[,\s])-F\s+auid>=1000\s+-F\s+auid!=-1\s+-F\s+key=\S+ *$</e>
</env>
</command_result>
</xccdf:check-content>
<evidence xmlns="http://cisecurity.org/evidence">
<div class="sce">
<table class="evidence-sep" width="100%">
<tbody class="tbe">
<tr>
<td class="bold">Script:</td>
<td>sce/nix_auditd_auditctl_chk.sh</td>
</tr>
<tr>
<td class="bold">Result:</td>
<td class="fail">Fail</td>
</tr>
<tr>
<td class="bold">Exit Value:</td>
<td>102</td>
</tr>
</tbody>
</table>
<table class="evidence" width="100%">
<tbody class="tbe">
<tr>
<td class="bold">Output:</td>
<td>
<ul class="unstyled">
<li>FAILED</li>
<li>No auditd rules were found in the running config matching the regular expression:</li>
<li>^\s*-a\s+(?:always,exit|exit,always)\s+-F\s+arch=b32\s+-S\s+(?!(?:||))(lchown[,\s]|fchown[,\s]|chown[,\s]|fchownat[,\s])(?!(?:||))(lchown[,\s]|fchown[,\s]|chown[,\s]|fchownat[,\s])(?!(?:||))(lchown[,\s]|fchown[,\s]|chown[,\s]|fchownat[,\s])(?!(?:||))(lchown[,\s]|fchown[,\s]|chown[,\s]|fchownat[,\s])-F\s+auid>=1000\s+-F\s+auid!=-1\s+-F\s+key=\S+ *$</li>
</ul>
</td>
</tr>
</tbody>
</table>
<table class="evidence" width="100%">
<tbody class="tbe">
<tr>
<td>No error lines were collected.</td>
</tr>
</tbody>
</table>
</div>
</evidence>
</xccdf:check>
</xccdf:complex-check>
<xccdf:complex-check operator="OR" negate="false">
<xccdf:complex-check operator="AND" negate="false">
<xccdf:complex-check operator="AND" negate="false">
<xccdf:complex-check operator="AND" negate="false">
<xccdf:complex-check operator="AND" negate="false">
<xccdf:complex-check operator="AND" negate="false">
<xccdf:check system="http://open-scap.org/page/SCE"
negate="false"
multi-check="false">
<xccdf:check-export export-name="XCCDF_VALUE_REGEX"
value-id="xccdf_org.cisecurity.benchmarks_value_1475344_var"/>
<xccdf:check-content-ref href="sce/nix_auditd_file_chk.sh"/>
<xccdf:check-content>
<command_result href="sce/nix_auditd_file_chk.sh"
xccdf="pass"
script="D:\CisCatLite\CIS-CAT-Lite-v4.26.0\Assessor\sce\nix_auditd_file_chk.sh"
exit-value="101">
<out>
<l>PASSED</l>
<l>audit rule: "-a always,exit -F arch=b64 -S chmod -S fchmod -S fchmodat -F auid>=1000 -F auid!=4294967295 -k perm_mod"</l>
<l>exists in: "/etc/audit/rules.d/50-perm_mod.rules"</l>
</out>
<err/>
<env>
<e name="XCCDF_VALUE_REGEX">^\s*-a\s+(?:always,exit|exit,always)\s+-F\s+arch=b64\s+(?!(?:\2|\3))(-S\s+chmod\s+|-S\s+fchmod\s+|-S\s+fchmodat\s+)(?!(?:\1|\3))(-S\s+chmod\s+|-S\s+fchmod\s+|-S\s+fchmodat\s+)(?!(?:\1|\2))(-S\s+chmod\s+|-S\s+fchmod\s+|-S\s+fchmodat\s+)-F\s+auid>=1000\s+-F\s+auid!=4294967295\s+-k\s+\S+ *$</e>
</env>
</command_result>
</xccdf:check-content>
<evidence xmlns="http://cisecurity.org/evidence">
<div class="sce">
<table class="evidence-sep" width="100%">
<tbody class="tbe">
<tr>
<td class="bold">Script:</td>
<td>sce/nix_auditd_file_chk.sh</td>
</tr>
<tr>
<td class="bold">Result:</td>
<td class="pass">Pass</td>
</tr>
<tr>
<td class="bold">Exit Value:</td>
<td>101</td>
</tr>
</tbody>
</table>
<table class="evidence" width="100%">
<tbody class="tbe">
<tr>
<td class="bold">Output:</td>
<td>
<ul class="unstyled">
<li>PASSED</li>
<li>audit rule: "-a always,exit -F arch=b64 -S chmod -S fchmod -S fchmodat -F auid>=1000 -F auid!=4294967295 -k perm_mod"</li>
<li>exists in: "/etc/audit/rules.d/50-perm_mod.rules"</li>
</ul>
</td>
</tr>
</tbody>
</table>
<table class="evidence" width="100%">
<tbody class="tbe">
<tr>
<td>No error lines were collected.</td>
</tr>
</tbody>
</table>
</div>
</evidence>
</xccdf:check>
<xccdf:check system="http://open-scap.org/page/SCE"
negate="false"
multi-check="false">
<xccdf:check-export export-name="XCCDF_VALUE_REGEX"
value-id="xccdf_org.cisecurity.benchmarks_value_1475346_var"/>
<xccdf:check-content-ref href="sce/nix_auditd_file_chk.sh"/>
<xccdf:check-content>
<command_result href="sce/nix_auditd_file_chk.sh"
xccdf="pass"
script="D:\CisCatLite\CIS-CAT-Lite-v4.26.0\Assessor\sce\nix_auditd_file_chk.sh"
exit-value="101">
<out>
<l>PASSED</l>
<l>audit rule: "-a always,exit -F arch=b64 -S chown -S fchown -S fchownat -S lchown -F auid>=1000 -F auid!=4294967295 -k perm_mod"</l>
<l>exists in: "/etc/audit/rules.d/50-perm_mod.rules"</l>
</out>
<err/>
<env>
<e name="XCCDF_VALUE_REGEX">^\s*-a\s+(?:always,exit|exit,always)\s+-F\s+arch=b64\s+(?!(?:\2|\3|\4))(-S\s+chown\s+|-S\s+fchown\s+|-S\s+fchownat\s+|-S\s+lchown\s+)(?!(?:\1|\3|\4))(-S\s+chown\s+|-S\s+fchown\s+|-S\s+fchownat\s+|-S\s+lchown\s+)(?!(?:\1|\2|\4))(-S\s+chown\s+|-S\s+fchown\s+|-S\s+fchownat\s+|-S\s+lchown\s+)(?!(?:\1|\2|\3))(-S\s+chown\s+|-S\s+fchown\s+|-S\s+fchownat\s+|-S\s+lchown\s+)-F\s+auid>=1000\s+-F\s+auid!=4294967295\s+-k\s+\S+ *$</e>
</env>
</command_result>
</xccdf:check-content>
<evidence xmlns="http://cisecurity.org/evidence">
<div class="sce">
<table class="evidence-sep" width="100%">
<tbody class="tbe">
<tr>
<td class="bold">Script:</td>
<td>sce/nix_auditd_file_chk.sh</td>
</tr>
<tr>
<td class="bold">Result:</td>
<td class="pass">Pass</td>
</tr>
<tr>
<td class="bold">Exit Value:</td>
<td>101</td>
</tr>
</tbody>
</table>
<table class="evidence" width="100%">
<tbody class="tbe">
<tr>
<td class="bold">Output:</td>
<td>
<ul class="unstyled">
<li>PASSED</li>
<li>audit rule: "-a always,exit -F arch=b64 -S chown -S fchown -S fchownat -S lchown -F auid>=1000 -F auid!=4294967295 -k perm_mod"</li>
<li>exists in: "/etc/audit/rules.d/50-perm_mod.rules"</li>
</ul>
</td>
</tr>
</tbody>
</table>
<table class="evidence" width="100%">
<tbody class="tbe">
<tr>
<td>No error lines were collected.</td>
</tr>
</tbody>
</table>
</div>
</evidence>
</xccdf:check>
</xccdf:complex-check>
<xccdf:check system="http://open-scap.org/page/SCE"
negate="false"
multi-check="false">
<xccdf:check-export export-name="XCCDF_VALUE_REGEX"
value-id="xccdf_org.cisecurity.benchmarks_value_1475347_var"/>
<xccdf:check-content-ref href="sce/nix_auditd_file_chk.sh"/>
<xccdf:check-content>
<command_result href="sce/nix_auditd_file_chk.sh"
xccdf="pass"
script="D:\CisCatLite\CIS-CAT-Lite-v4.26.0\Assessor\sce\nix_auditd_file_chk.sh"
exit-value="101">
<out>
<l>PASSED</l>
<l>audit rule: "-a always,exit -F arch=b64 -S setxattr -S lsetxattr -S fsetxattr -S removexattr -S lremovexattr -S fremovexattr -F auid>=1000 -F auid!=4294967295 -k perm_mod"</l>
<l>exists in: "/etc/audit/rules.d/50-perm_mod.rules"</l>
</out>
<err/>
<env>
<e name="XCCDF_VALUE_REGEX">^\s*-a\s+(?:always,exit|exit,always)\s+-F\s+arch=b64\s+(?!(?:\2|\3|\4|\5|\6))(-S\s+setxattr\s+|-S\s+lsetxattr\s+|-S\s+fsetxattr\s+|-S\s+removexattr\s+|-S\s+lremovexattr\s+|-S\s+fremovexattr\s+)(?!(?:\1|\3|\4|\5|\6))(-S\s+setxattr\s+|-S\s+lsetxattr\s+|-S\s+fsetxattr\s+|-S\s+removexattr\s+|-S\s+lremovexattr\s+|-S\s+fremovexattr\s+)(?!(?:\1|\2|\4|\5|\6))(-S\s+setxattr\s+|-S\s+lsetxattr\s+|-S\s+fsetxattr\s+|-S\s+removexattr\s+|-S\s+lremovexattr\s+|-S\s+fremovexattr\s+)(?!(?:\1|\2|\3|\5|\6))(-S\s+setxattr\s+|-S\s+lsetxattr\s+|-S\s+fsetxattr\s+|-S\s+removexattr\s+|-S\s+lremovexattr\s+|-S\s+fremovexattr\s+)(?!(?:\1|\2|\3|\4|\6))(-S\s+setxattr\s+|-S\s+lsetxattr\s+|-S\s+fsetxattr\s+|-S\s+removexattr\s+|-S\s+lremovexattr\s+|-S\s+fremovexattr\s+)(?!(?:\1|\2|\3|\4|\5))(-S\s+setxattr\s+|-S\s+lsetxattr\s+|-S\s+fsetxattr\s+|-S\s+removexattr\s+|-S\s+lremovexattr\s+|-S\s+fremovexattr\s+)-F\s+auid>=1000\s+-F\s+auid!=4294967295\s+-k\s+\S+ *$</e>
</env>
</command_result>
</xccdf:check-content>
<evidence xmlns="http://cisecurity.org/evidence">
<div class="sce">
<table class="evidence-sep" width="100%">
<tbody class="tbe">
<tr>
<td class="bold">Script:</td>
<td>sce/nix_auditd_file_chk.sh</td>
</tr>
<tr>
<td class="bold">Result:</td>
<td class="pass">Pass</td>
</tr>
<tr>
<td class="bold">Exit Value:</td>
<td>101</td>
</tr>
</tbody>
</table>
<table class="evidence" width="100%">
<tbody class="tbe">
<tr>
<td class="bold">Output:</td>
<td>
<ul class="unstyled">
<li>PASSED</li>
<li>audit rule: "-a always,exit -F arch=b64 -S setxattr -S lsetxattr -S fsetxattr -S removexattr -S lremovexattr -S fremovexattr -F auid>=1000 -F auid!=4294967295 -k perm_mod"</li>
<li>exists in: "/etc/audit/rules.d/50-perm_mod.rules"</li>
</ul>
</td>
</tr>
</tbody>
</table>
<table class="evidence" width="100%">
<tbody class="tbe">
<tr>
<td>No error lines were collected.</td>
</tr>
</tbody>
</table>
</div>
</evidence>
</xccdf:check>
</xccdf:complex-check>
<xccdf:check system="http://open-scap.org/page/SCE"
negate="false"
multi-check="false">
<xccdf:check-export export-name="XCCDF_VALUE_REGEX"
value-id="xccdf_org.cisecurity.benchmarks_value_1475349_var"/>
<xccdf:check-content-ref href="sce/nix_auditd_auditctl_chk.sh"/>
<xccdf:check-content>
<command_result href="sce/nix_auditd_auditctl_chk.sh"
xccdf="fail"
script="D:\CisCatLite\CIS-CAT-Lite-v4.26.0\Assessor\sce\nix_auditd_auditctl_chk.sh"
exit-value="102">
<out>
<l>FAILED</l>
<l>No auditd rules were found in the running config matching the regular expression:</l>
<l>^\s*-a\s+(?:always,exit|exit,always)\s+-F\s+arch=b64\s+-S\s+(?!(?:||))(chown[,\s]|fchown[,\s]|lchown[,\s]|fchownat[,\s])(?!(?:||))(chown[,\s]|fchown[,\s]|lchown[,\s]|fchownat[,\s])(?!(?:||))(chown[,\s]|fchown[,\s]|lchown[,\s]|fchownat[,\s])(?!(?:||))(chown[,\s]|fchown[,\s]|lchown[,\s]|fchownat[,\s])-F\s+auid>=1000\s+-F\s+auid!=-1\s+-F\s+key=\S+ *$</l>
</out>
<err/>
<env>
<e name="XCCDF_VALUE_REGEX">^\s*-a\s+(?:always,exit|exit,always)\s+-F\s+arch=b64\s+-S\s+(?!(?:\2|\3|\4))(chown[,\s]|fchown[,\s]|lchown[,\s]|fchownat[,\s])(?!(?:\1|\3|\4))(chown[,\s]|fchown[,\s]|lchown[,\s]|fchownat[,\s])(?!(?:\1|\2|\4))(chown[,\s]|fchown[,\s]|lchown[,\s]|fchownat[,\s])(?!(?:\1|\2|\3))(chown[,\s]|fchown[,\s]|lchown[,\s]|fchownat[,\s])-F\s+auid>=1000\s+-F\s+auid!=-1\s+-F\s+key=\S+ *$</e>
</env>
</command_result>
</xccdf:check-content>
<evidence xmlns="http://cisecurity.org/evidence">
<div class="sce">
<table class="evidence-sep" width="100%">
<tbody class="tbe">
<tr>
<td class="bold">Script:</td>
<td>sce/nix_auditd_auditctl_chk.sh</td>
</tr>
<tr>
<td class="bold">Result:</td>
<td class="fail">Fail</td>
</tr>
<tr>
<td class="bold">Exit Value:</td>
<td>102</td>
</tr>
</tbody>
</table>
<table class="evidence" width="100%">
<tbody class="tbe">
<tr>
<td class="bold">Output:</td>
<td>
<ul class="unstyled">
<li>FAILED</li>
<li>No auditd rules were found in the running config matching the regular expression:</li>
<li>^\s*-a\s+(?:always,exit|exit,always)\s+-F\s+arch=b64\s+-S\s+(?!(?:||))(chown[,\s]|fchown[,\s]|lchown[,\s]|fchownat[,\s])(?!(?:||))(chown[,\s]|fchown[,\s]|lchown[,\s]|fchownat[,\s])(?!(?:||))(chown[,\s]|fchown[,\s]|lchown[,\s]|fchownat[,\s])(?!(?:||))(chown[,\s]|fchown[,\s]|lchown[,\s]|fchownat[,\s])-F\s+auid>=1000\s+-F\s+auid!=-1\s+-F\s+key=\S+ *$</li>
</ul>
</td>
</tr>
</tbody>
</table>
<table class="evidence" width="100%">
<tbody class="tbe">
<tr>
<td>No error lines were collected.</td>
</tr>
</tbody>
</table>
</div>
</evidence>
</xccdf:check>
</xccdf:complex-check>
<xccdf:check system="http://open-scap.org/page/SCE"
negate="false"
multi-check="false">
<xccdf:check-export export-name="XCCDF_VALUE_REGEX"
value-id="xccdf_org.cisecurity.benchmarks_value_1475352_var"/>
<xccdf:check-content-ref href="sce/nix_auditd_auditctl_chk.sh"/>
<xccdf:check-content>
<command_result href="sce/nix_auditd_auditctl_chk.sh"
xccdf="fail"
script="D:\CisCatLite\CIS-CAT-Lite-v4.26.0\Assessor\sce\nix_auditd_auditctl_chk.sh"
exit-value="102">
<out>
<l>FAILED</l>
<l>No auditd rules were found in the running config matching the regular expression:</l>
<l>^\s*-a\s+(?:always,exit|exit,always)\s+-F\s+arch=b64\s+-S\s+(?!(?:||||))(setxattr[,\s]|lsetxattr[,\s]|fsetxattr[,\s]|removexattr[,\s]|lremovexattr[,\s]|fremovexattr[,\s])(?!(?:||||))(setxattr[,\s]|lsetxattr[,\s]|fsetxattr[,\s]|removexattr[,\s]|lremovexattr[,\s]|fremovexattr[,\s])(?!(?:||||))(setxattr[,\s]|lsetxattr[,\s]|fsetxattr[,\s]|removexattr[,\s]|lremovexattr[,\s]|fremovexattr[,\s])(?!(?:||||))(setxattr[,\s]|lsetxattr[,\s]|fsetxattr[,\s]|removexattr[,\s]|lremovexattr[,\s]|fremovexattr[,\s])(?!(?:||||))(setxattr[,\s]|lsetxattr[,\s]|fsetxattr[,\s]|removexattr[,\s]|lremovexattr[,\s]|fremovexattr[,\s])(?!(?:||||))(setxattr[,\s]|lsetxattr[,\s]|fsetxattr[,\s]|removexattr[,\s]|lremovexattr[,\s]|fremovexattr[,\s])-F\s+auid>=1000\s+-F\s+auid!=-1\s+-F\s+key=\S+ *$</l>
</out>
<err/>
<env>
<e name="XCCDF_VALUE_REGEX">^\s*-a\s+(?:always,exit|exit,always)\s+-F\s+arch=b64\s+-S\s+(?!(?:\2|\3|\4|\5|\6))(setxattr[,\s]|lsetxattr[,\s]|fsetxattr[,\s]|removexattr[,\s]|lremovexattr[,\s]|fremovexattr[,\s])(?!(?:\1|\3|\4|\5|\6))(setxattr[,\s]|lsetxattr[,\s]|fsetxattr[,\s]|removexattr[,\s]|lremovexattr[,\s]|fremovexattr[,\s])(?!(?:\1|\2|\4|\5|\6))(setxattr[,\s]|lsetxattr[,\s]|fsetxattr[,\s]|removexattr[,\s]|lremovexattr[,\s]|fremovexattr[,\s])(?!(?:\1|\2|\3|\5|\6))(setxattr[,\s]|lsetxattr[,\s]|fsetxattr[,\s]|removexattr[,\s]|lremovexattr[,\s]|fremovexattr[,\s])(?!(?:\1|\2|\3|\4|\6))(setxattr[,\s]|lsetxattr[,\s]|fsetxattr[,\s]|removexattr[,\s]|lremovexattr[,\s]|fremovexattr[,\s])(?!(?:\1|\2|\3|\4|\5))(setxattr[,\s]|lsetxattr[,\s]|fsetxattr[,\s]|removexattr[,\s]|lremovexattr[,\s]|fremovexattr[,\s])-F\s+auid>=1000\s+-F\s+auid!=-1\s+-F\s+key=\S+ *$</e>
</env>
</command_result>
</xccdf:check-content>
<evidence xmlns="http://cisecurity.org/evidence">
<div class="sce">
<table class="evidence-sep" width="100%">
<tbody class="tbe">
<tr>
<td class="bold">Script:</td>
<td>sce/nix_auditd_auditctl_chk.sh</td>
</tr>
<tr>
<td class="bold">Result:</td>
<td class="fail">Fail</td>
</tr>
<tr>
<td class="bold">Exit Value:</td>
<td>102</td>
</tr>
</tbody>
</table>
<table class="evidence" width="100%">
<tbody class="tbe">
<tr>
<td class="bold">Output:</td>
<td>
<ul class="unstyled">
<li>FAILED</li>
<li>No auditd rules were found in the running config matching the regular expression:</li>
<li>^\s*-a\s+(?:always,exit|exit,always)\s+-F\s+arch=b64\s+-S\s+(?!(?:||||))(setxattr[,\s]|lsetxattr[,\s]|fsetxattr[,\s]|removexattr[,\s]|lremovexattr[,\s]|fremovexattr[,\s])(?!(?:||||))(setxattr[,\s]|lsetxattr[,\s]|fsetxattr[,\s]|removexattr[,\s]|lremovexattr[,\s]|fremovexattr[,\s])(?!(?:||||))(setxattr[,\s]|lsetxattr[,\s]|fsetxattr[,\s]|removexattr[,\s]|lremovexattr[,\s]|fremovexattr[,\s])(?!(?:||||))(setxattr[,\s]|lsetxattr[,\s]|fsetxattr[,\s]|removexattr[,\s]|lremovexattr[,\s]|fremovexattr[,\s])(?!(?:||||))(setxattr[,\s]|lsetxattr[,\s]|fsetxattr[,\s]|removexattr[,\s]|lremovexattr[,\s]|fremovexattr[,\s])(?!(?:||||))(setxattr[,\s]|lsetxattr[,\s]|fsetxattr[,\s]|removexattr[,\s]|lremovexattr[,\s]|fremovexattr[,\s])-F\s+auid>=1000\s+-F\s+auid!=-1\s+-F\s+key=\S+ *$</li>
</ul>
</td>
</tr>
</tbody>
</table>
<table class="evidence" width="100%">
<tbody class="tbe">
<tr>
<td>No error lines were collected.</td>
</tr>
</tbody>
</table>
</div>
</evidence>
</xccdf:check>
</xccdf:complex-check>
<xccdf:check system="http://open-scap.org/page/SCE"
negate="false"
multi-check="false">
<xccdf:check-export export-name="XCCDF_VALUE_REGEX"
value-id="xccdf_org.cisecurity.benchmarks_value_1475353_var"/>
<xccdf:check-content-ref href="sce/nix_auditd_auditctl_chk.sh"/>
<xccdf:check-content>
<command_result href="sce/nix_auditd_auditctl_chk.sh"
xccdf="fail"
script="D:\CisCatLite\CIS-CAT-Lite-v4.26.0\Assessor\sce\nix_auditd_auditctl_chk.sh"
exit-value="102">
<out>
<l>FAILED</l>
<l>No auditd rules were found in the running config matching the regular expression:</l>
<l>^\s*-a\s+(?:always,exit|exit,always)\s+-F\s+arch=b64\s+-S\s+(?!(?:|))(chmod[,\s]|fchmod[,\s]|fchmodat[,\s])(?!(?:|))(chmod[,\s]|fchmod[,\s]|fchmodat[,\s])(?!(?:|))(chmod[,\s]|fchmod[,\s]|fchmodat[,\s])-F\s+auid>=1000\s+-F\s+auid!=-1\s+-F\s+key=\S+ *$</l>
</out>
<err/>
<env>
<e name="XCCDF_VALUE_REGEX">^\s*-a\s+(?:always,exit|exit,always)\s+-F\s+arch=b64\s+-S\s+(?!(?:\2|\3))(chmod[,\s]|fchmod[,\s]|fchmodat[,\s])(?!(?:\1|\3))(chmod[,\s]|fchmod[,\s]|fchmodat[,\s])(?!(?:\1|\2))(chmod[,\s]|fchmod[,\s]|fchmodat[,\s])-F\s+auid>=1000\s+-F\s+auid!=-1\s+-F\s+key=\S+ *$</e>
</env>
</command_result>
</xccdf:check-content>
<evidence xmlns="http://cisecurity.org/evidence">
<div class="sce">
<table class="evidence-sep" width="100%">
<tbody class="tbe">
<tr>
<td class="bold">Script:</td>
<td>sce/nix_auditd_auditctl_chk.sh</td>
</tr>
<tr>
<td class="bold">Result:</td>
<td class="fail">Fail</td>
</tr>
<tr>
<td class="bold">Exit Value:</td>
<td>102</td>
</tr>
</tbody>
</table>
<table class="evidence" width="100%">
<tbody class="tbe">
<tr>
<td class="bold">Output:</td>
<td>
<ul class="unstyled">
<li>FAILED</li>
<li>No auditd rules were found in the running config matching the regular expression:</li>
<li>^\s*-a\s+(?:always,exit|exit,always)\s+-F\s+arch=b64\s+-S\s+(?!(?:|))(chmod[,\s]|fchmod[,\s]|fchmodat[,\s])(?!(?:|))(chmod[,\s]|fchmod[,\s]|fchmodat[,\s])(?!(?:|))(chmod[,\s]|fchmod[,\s]|fchmodat[,\s])-F\s+auid>=1000\s+-F\s+auid!=-1\s+-F\s+key=\S+ *$</li>
</ul>
</td>
</tr>
</tbody>
</table>
<table class="evidence" width="100%">
<tbody class="tbe">
<tr>
<td>No error lines were collected.</td>
</tr>
</tbody>
</table>
</div>
</evidence>
</xccdf:check>
</xccdf:complex-check>
<xccdf:check system="http://open-scap.org/page/SCE"
negate="false"
multi-check="false">
<xccdf:check-content-ref href="sce/arch32_chk.sh"/>
<xccdf:check-content>
<command_result href="sce/arch32_chk.sh"
xccdf="fail"
script="D:\CisCatLite\CIS-CAT-Lite-v4.26.0\Assessor\sce\arch32_chk.sh"
exit-value="102">
<out>
<l>system is running: x86_64</l>
</out>
<err/>
<env/>
</command_result>
</xccdf:check-content>
<evidence xmlns="http://cisecurity.org/evidence">
<div class="sce">
<table class="evidence-sep" width="100%">
<tbody class="tbe">
<tr>
<td class="bold">Script:</td>
<td>sce/arch32_chk.sh</td>
</tr>
<tr>
<td class="bold">Result:</td>
<td class="fail">Fail</td>
</tr>
<tr>
<td class="bold">Exit Value:</td>
<td>102</td>
</tr>
</tbody>
</table>
<table class="evidence" width="100%">
<tbody class="tbe">
<tr>
<td class="bold">Output:</td>
<td>
<ul class="unstyled">
<li>system is running: x86_64</li>
</ul>
</td>
</tr>
</tbody>
</table>
<table class="evidence" width="100%">
<tbody class="tbe">
<tr>
<td>No error lines were collected.</td>
</tr>
</tbody>
</table>
</div>
</evidence>
</xccdf:check>
</xccdf:complex-check>
</xccdf:complex-check>
</xccdf:rule-result>